
Files Date: 2013-07-09

Zoom X4 / X5 SQL Injection / Authentication Bypass
Posted Jul 9, 2013
Authored by Kyle Lovett

Zoom X4 and X5 modems suffer from authentication bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
SHA-256 | e6d22d7021bfb287cc6ae6f292362183cb62e754091ade52c2acd1b0086f7d72
Microsoft Security Bulletin Summary For July, 2013
Posted Jul 9, 2013
Site microsoft.com

This bulletin summary lists 7 released Microsoft security bulletins for July, 2013.

tags | advisory
SHA-256 | 180019270f7e502d4291099c0b53cd007c7aa0e3cd85bffc2410d975895a3acd
Poor Man's Security Lab
Posted Jul 9, 2013
Authored by Josh Clark | Site chimera-security.com

Whitepaper called the Poor Man's Security Lab. It provides walkthroughs for setting up various virtualized hosts.

tags | paper
SHA-256 | a46c8da5a0bbcc6e045f7533314b35492b482573a49ea4b0bc0f4954b92642f1
Linux 3.10 libceph Null Pointer Dereference
Posted Jul 9, 2013
Authored by Chanam Park

Linux kernel versions up to 3.10 suffer from a libceph null pointer dereference vulnerability.

tags | advisory, kernel
systems | linux
advisories | CVE-2013-1059
SHA-256 | 97fc632dd5328279c3f77035f5bedff6103ed9285f01dcac6d213e5c55b9bd44
Ubuntu Security Notice USN-1902-1
Posted Jul 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1902-1 - William (B.J.) Snow Orvis discovered that Ruby incorrectly verified the hostname in SSL certificates. An attacker could trick Ruby into trusting a rogue server certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.

tags | advisory, ruby
systems | linux, ubuntu
advisories | CVE-2013-4073
SHA-256 | 17b6e172f6f500eb09224783bba48cd4ec53f79cee3f1b516d382ce45ce0368c
Posted Jul 9, 2013
Authored by Mike Davis | Site ioactive.com

IOActive Security Advisory - DASDEC-I and DASDEC-II from Digital Alert Systems (DAS), which are used in the Emergency Alert System, have an embedded root ssh key that enables an attacker to transmit false emergency information over a large geographic area.

tags | exploit, root
SHA-256 | b32108bd2c0d9441bb1f18cfa9a0bc8a321063c45c679b287a55fffbc1d67034
Apache CXF 2.5.10 / 2.6.7 / 2.7.4 Denial Of Service
Posted Jul 9, 2013
Authored by A. Falkenberg, Joerg Schwenk, Juraj Somorovsky, Christian Mainka | Site sec-consult.com

Apache CXF versions prior to 2.5.10, 2.6.7, and 2.7.4 suffer from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2013-2160
SHA-256 | bd800eccaafd0f41d9a2aa6be1e7ad144231f64eaa6af3b4f06fce8a84901843
Technical Cyber Security Alert 2013-190A
Posted Jul 9, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-190A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 597aa48cf8f13d8e76203ceb06c30e1a55cac7e00bffd1c1461cda21c9c6e258
Red Hat Security Advisory 2013-1028-01
Posted Jul 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1028-01 - Fuse ESB Enterprise, based on Apache ServiceMix, provides an integration platform. This release of Fuse ESB Enterprise 7.1.0 roll up patch 1 is an update to Fuse ESB Enterprise 7.1.0 and includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-5575, CVE-2013-0269, CVE-2013-1821, CVE-2013-2160
SHA-256 | dbfdd55df544378dcc45bbf34e83daecacebea4051e3922e1233975573bd1954
Digital Whisper Electronic Magazine #43
Posted Jul 9, 2013
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 43. Written in Hebrew.

tags | magazine
SHA-256 | 92c4e2b59d270500c8f8a66357e2d864f89bc5ed73512733e091f655fc582cb1
Red Hat Security Advisory 2013-1026-01
Posted Jul 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1026-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2013-1773, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848
SHA-256 | b2762b397b08d9221223dfd977b06176c19c33b3c398947bbd9f500e79632400
Joomla Attachments Shell Upload
Posted Jul 9, 2013
Authored by Stars Hacking Team

Joomla Attachments component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 1118e6723abe23812d4c09d598a6d831cec1b36454e39e2b9c1ca53527c34578
ERS Viewer 2013 ERS File Handling Buffer Overflow
Posted Jul 9, 2013
Authored by James Fitts, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in ERS Viewer 2013. The vulnerability exists in the module ermapper_u.dll, where the function rf_report_error handles user provided data in an insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted .ers file. This Metasploit module has been tested successfully with ERS Viewer 2013 (versions on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2013-3482, OSVDB-93650
SHA-256 | 34af08f8dddf30575d54f3ae715a7d1578f9f140985dc2fe0ec36bc406b9b344
OATH Toolkit 2.2.0
Posted Jul 9, 2013
Site nongnu.org

OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: This release adds functions for creating PSKC data to libpskc. In liboath, it permits different passwords for different tokens for the same user. It improves building from git with the most recent automake and gengetopt. Valgrind is not enabled by default. The liboath header file is usable from C++ (extern "C" guard).
tags | tool
systems | unix
SHA-256 | aac15aaf0d03d26bf50d2e8bdac74ca9d7211dd4cf20047e529390d3ebdd7df1
Ubuntu Security Notice USN-1901-1
Posted Jul 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1901-1 - Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary, xxe
systems | linux, ubuntu
advisories | CVE-2012-0037
SHA-256 | 129bfa80ff19162520bf13eed9fe89bfddd3574089068101f024e5bd08c06df6
Sanewall 1.1.4
Posted Jul 9, 2013
Authored by Costa Tsaousis, Phil Whineray | Site sanewall.org

Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.

Changes: "sanewall save" now creates two files, which is what most init systems expect. "sanewall status" now identifies which blocks are IPv6 or IPv4. "sanewall condrestart" now follows convention by only restarting if already running. Various programs and files are now detected at configure-time rather than run-time.
tags | tool, spoof, firewall
systems | linux, unix
SHA-256 | 1d43aaccbe3da7de634097317cf9714ebe9b35ed10bc08f213f6214f84e9bdeb